2014 ndi 6ws – Fitzmier, Lundberg, Abelkop



Download 0.68 Mb.
Page18/21
Date19.10.2016
Size0.68 Mb.
#3944
1   ...   13   14   15   16   17   18   19   20   21

AT: CIR

No Cyber Impact

No cyber impact


Healey 3/20 Jason, Director of the Cyber Statecraft Initiative at the Atlantic Council, "No, Cyberwarfare Isn't as Dangerous as Nuclear War", 2013, www.usnews.com/opinion/blogs/world-report/2013/03/20/cyber-attacks-not-yet-an-existential-threat-to-the-us

America does not face an existential cyberthreat today, despite recent warnings. Our cybervulnerabilities are undoubtedly grave and the threats we face are severe but far from comparable to nuclear war. ¶ The most recent alarms come in a Defense Science Board report on how to make military cybersystems more resilient against advanced threats (in short, Russia or China). It warned that the "cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War." Such fears were also expressed by Adm. Mike Mullen, then chairman of the Joint Chiefs of Staff, in 2011. He called cyber "The single biggest existential threat that's out there" because "cyber actually more than theoretically, can attack our infrastructure, our financial systems."¶ While it is true that cyber attacks might do these things, it is also true they have not only never happened but are far more difficult to accomplish than mainstream thinking believes. The consequences from cyber threats may be similar in some ways to nuclear, as the Science Board concluded, but mostly, they are incredibly dissimilar. ¶ Eighty years ago, the generals of the U.S. Army Air Corps were sure that their bombers would easily topple other countries and cause their populations to panic, claims which did not stand up to reality. A study of the 25-year history of cyber conflict, by the Atlantic Council and Cyber Conflict Studies Association, has shown a similar dynamic where the impact of disruptive cyberattacks has been consistently overestimated. ¶ Rather than theorizing about future cyberwars or extrapolating from today's concerns, the history of cyberconflict that have actually been fought, shows that cyber incidents have so far tended to have effects that are either widespread but fleeting or persistent but narrowly focused. No attacks, so far, have been both widespread and persistent. There have been no authenticated cases of anyone dying from a cyber attack. Any widespread disruptions, even the 2007 disruption against Estonia, have been short-lived causing no significant GDP loss. ¶ Moreover, as with conflict in other domains, cyberattacks can take down many targets but keeping them down over time in the face of determined defenses has so far been out of the range of all but the most dangerous adversaries such as Russia and China. Of course, if the United States is in a conflict with those nations, cyber will be the least important of the existential threats policymakers should be worrying about. Plutonium trumps bytes in a shooting war.¶ This is not all good news. Policymakers have recognized the problems since at least 1998 with little significant progress. Worse, the threats and vulnerabilities are getting steadily more worrying. Still, experts have been warning of a cyber Pearl Harbor for 20 of the 70 years since the actual Pearl Harbor. ¶ The transfer of U.S. trade secrets through Chinese cyber espionage could someday accumulate into an existential threat. But it doesn't seem so seem just yet, with only handwaving estimates of annual losses of 0.1 to 0.5 percent to the total U.S. GDP of around $15 trillion. That's bad, but it doesn't add up to an existential crisis or "economic cyberwar."

Their impacts are all hype


Walt 10 – Stephen M. Walt 10 is the Robert and Renée Belfer Professor of international relations at Harvard University "Is the cyber threat overblown?" March 30 walt.foreignpolicy.com/posts/2010/03/30/is_the_cyber_threat_overblown

Am I the only person -- well, besides Glenn Greenwald and Kevin Poulson -- who thinks the "cyber-warfare" business may be overblown? It’s clear the U.S. national security establishment is paying a lot more attention to the issue, and colleagues of mine -- including some pretty serious and level-headed people -- are increasingly worried by the danger of some sort of "cyber-Katrina." I don't dismiss it entirely, but this sure looks to me like a classic opportunity for threat-inflation.¶ Mind you, I'm not saying that there aren't a lot of shenanigans going on in cyber-space, or that various forms of cyber-warfare don't have military potential. So I'm not arguing for complete head-in-the-sand complacency. But here’s what makes me worry that the threat is being overstatedFirst, the whole issue is highly esoteric -- you really need to know a great deal about computer networks, software, encryption, etc., to know how serious the danger might be. Unfortunately, details about a number of the alleged incidents that are being invoked to demonstrate the risk of a "cyber-Katrina," or a cyber-9/11, remain classified, which makes it hard for us lay-persons to gauge just how serious the problem really was or is. Moreover, even when we hear about computers being penetrated by hackers, or parts of the internet crashing, etc., it’s hard to know how much valuable information was stolen or how much actual damage was done. And as with other specialized areas of technology and/or military affairs, a lot of the experts have a clear vested interest in hyping the threat, so as to create greater demand for their services. Plus, we already seem to have politicians leaping on the issue as a way to grab some pork for their states.¶ Second, there are lots of different problems being lumped under a single banner, whether the label is "cyber-terror" or "cyber-war." One issue is the use of various computer tools to degrade an enemy’s military capabilities (e.g., by disrupting communications nets, spoofing sensors, etc.). A second issue is the alleged threat that bad guys would penetrate computer networks and shut down power grids, air traffic control, traffic lights, and other important elements of infrastructure, the way that internet terrorists (led by a disgruntled computer expert) did in the movie Live Free and Die Hard. A third problem is web-based criminal activity, including identity theft or simple fraud (e.g., those emails we all get from someone in Nigeria announcing that they have millions to give us once we send them some account information). A fourth potential threat is “cyber-espionage”; i.e., clever foreign hackers penetrate Pentagon or defense contractors’ computers and download valuable classified information. And then there are annoying activities like viruses, denial-of-service attacks, and other things that affect the stability of web-based activities and disrupt commerce (and my ability to send posts into FP).¶ This sounds like a rich menu of potential trouble, and putting the phrase "cyber" in front of almost any noun makes it sound trendy and a bit more frightening. But notice too that these are all somewhat different problems of quite different importance, and the appropriate response to each is likely to be different too. Some issues -- such as the danger of cyber-espionage -- may not require elaborate technical fixes but simply more rigorous security procedures to isolate classified material from the web. Other problems may not require big federal programs to address, in part because both individuals and the private sector have incentives to protect themselves (e.g., via firewalls or by backing up critical data). And as Greenwald warns, there may be real costs to civil liberties if concerns about vague cyber dangers lead us to grant the NSA or some other government agency greater control over the Internet. ¶ Third, this is another issue that cries out for some comparative cost-benefit analysis. Is the danger that some malign hacker crashes a power grid greater than the likelihood that a blizzard would do the same thing? Is the risk of cyber-espionage greater than the potential danger from more traditional forms of spying? Without a comparative assessment of different risks and the costs of mitigating each one, we will allocate resources on the basis of hype rather than analysis. In short, my fear is not that we won't take reasonable precautions against a potential set of dangers; my concern is that we will spend tens of billions of dollars protecting ourselves against a set of threats that are not as dangerous as we are currently being told they are


Download 0.68 Mb.

Share with your friends:
1   ...   13   14   15   16   17   18   19   20   21




The database is protected by copyright ©ininet.org 2024
send message

    Main page